Vulnerabilities > Cmsmadesimple

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2019-9059 Command Injection vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-77
6.5
2019-03-26 CVE-2019-9058 Unspecified vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple
7.2
2019-03-26 CVE-2019-9057 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-915
8.8
2019-03-26 CVE-2019-9055 Deserialization of Untrusted Data vulnerability in Cmsmadesimple CMS Made Simple
An issue was discovered in CMS Made Simple 2.2.8.
network
low complexity
cmsmadesimple CWE-502
6.5
2019-03-26 CVE-2019-9053 SQL Injection vulnerability in Cmsmadesimple CMS Made Simple 2.2.8
An issue was discovered in CMS Made Simple 2.2.8.
6.8
2019-03-24 CVE-2019-10017 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.
3.5
2019-03-11 CVE-2019-9693 SQL Injection vulnerability in Cmsmadesimple CMS Made Simple
In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id).
network
low complexity
cmsmadesimple CWE-89
6.5
2019-03-11 CVE-2019-9692 Unrestricted Upload of File with Dangerous Type vulnerability in Cmsmadesimple CMS Made Simple
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
network
low complexity
cmsmadesimple CWE-434
4.0
2018-12-25 CVE-2018-20464 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php.
4.3
2018-12-19 CVE-2018-19597 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798.
3.5